Naval Dome: Cyberattacks on OT systems on the rise
The maritime industry’s operational technology (OT) systems are vulnerable to a rising number of cyberattacks, with incidents expected to reach record volumes by the year’s end. Attacks on maritime stakeholders have already increased by 900 per cent over the last three years, according to Israeli cybersecurity firm Naval Dome.
In 2017 there were 50 significant OT hacks reported, increasing to 120 in 2018 and more than 310 last year. 2020 is expected to end with more than 500 major cybersecurity breaches, with substantially more going unreported.
At the AAPA’s 2020 Port Security Seminar & Expo, Robert Rizika, Naval Dome’s Boston-based head of North American operations, said that since NotPetya – the virus that resulted in a $300 million loss for Maersk – attacks are increasing at an alarming rate.
Recalling recent incidents, he told delegates that in 2018 the first ports were affected, with Barcelona, then San Diego falling under attack. Australian shipbuilder Austal was hit and the attack on COSCO took down half of the shipowner’s US network.
This year, a U.S.-based gas pipeline operator and shipping company MSC have been hit by malware. The latter incident shut down the shipowner’s Geneva HQ for five days. A U.S.-based cargo facility’s operating systems were infected with the Ryuk ransomware, and last month the OT systems at Iran’s Shahid Rajee port were hacked, restricting all infrastructure movements and creating a massive back log.
The spate of attacks has raised public awareness of the potential wider impact of cyber threats on ports around the world. Intelligence from Iran, along with digital satellite imagery, showed the Iranian port in a state of flux for several days. Dozens of cargo ships and oil tankers waiting to offload, while long queues of trucks formed at the entrance to the port stretching for miles, according to Naval Dome.
Emphasising the economic impact and ripple effect of a cyber-attack on port infrastructure, Rizika said that a report published by Lloyd’s of London indicated that if 15 Asian ports were hacked, financial losses would be more than $110 billion – a significant amount of which would not be recovered through insurance policies, as OT system hacks are not covered.
All parts of the OT system – the network connecting RTGs, STS cranes, traffic control and vessel berthing systems, cargo handling and safety and security systems – are under threat.
“Unlike the IT infrastructure, there is no “dashboard” for the OT network allowing operators to see the health of all connected systems. Operators rarely know if an attack has taken place, invariably writing up any anomaly as a system error, system failure, or requiring restart. They don’t know how to describe something unfamiliar to them. Systems are being attacked but they are not logged as such and, subsequently, the IT network gets infected,” Rizika said.
While many operators believe they are protected by the installation of traditional cybersecurity measures, the fire walls and software protecting the IT side do not protect individual systems on the OT network.
Where OT networks are thought to be protected, Rizika said they are often inadequate and based on an industrial computerized system, operating in a permanent state of disconnection from the network. Some may be connected to port systems and the equipment manufacturer’s offices overseas via wifi or a cellular network.
Naval Dome also predicts that cyber criminals, terrorists and rogue states will at some point begin holding the environment to ransom. “One area we see becoming a major issue is cyber-induced environmental pollution. Think about it: you have all these ships in ports, hackers can easily over-ride systems and valves to initiate leaks and dump hazardous materials, ballast water, fuel oil, etc.,” Rizika warned